October 2nd, 2001, 04:35 PM
How do I close some malicious ports that are open on my server??
October 2nd, 2001, 06:29 PM
What ports are they? How are they malicious? Generally speaking you would need to find the program that's running to keep the port open, be it netcat or whatever else. When posting in future try to include a little more detail.
October 2nd, 2001, 08:05 PM
Unless you want to get really-technical and in-the-guts-of-the-sockets, you should either STOP the programs running which are using those ports, or keep them from running in the first place (e.g., the start-up section of the Windows Start Menu, or the registry auto-run).
Failing that, firewall, block them. They'll still be open, but you can keep people from getting to them.
[HvC]Terr: L33T Technical Proficiency
October 2nd, 2001, 09:42 PM
Sorry folks, I was being deliberately vague for a good reason. It was my SMTP server. As my e-mail address may be visible I didn't want to announce it! If that makes sense? Anyhow, I had a hunt around the registry and removed the offenders. Netbus being one. My firewall is also now blocking the offending ports.
October 2nd, 2001, 10:08 PM
I'd still be concerned about that box, it's common enough that an entry in the registry is just there to throw the sys admin off the trail, there are plenty of other places to put a back door.
Why wasn't your firewall blocking the ports in the first place - is it not better policy to close all sockets except for the ones you really need as opposed to selectively blocking ports?
October 2nd, 2001, 10:13 PM
If someone got Netbus on there... there could be more stuff. Go here: www.agnitum.com, get Tauscan and run it to be safe. Just my 2 worthless pennies.
Antionline in a nutshell
"You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"
Trust your Technolust
October 3rd, 2001, 09:24 AM
Thanks again for your input guys. I ran a copy of Retina on the troublesome server after I deleted the offending apps and registry entries and a reboot. I ran it again this morning. All clear. I am not the Firewall or router admin so I can't comment as to why it wasn't done in the first place.
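Added example, not part of the original thread: the replies above recommend finding the program that holds each port open and allowing only the sockets you actually need. The Python below parses `netstat -ano`-style output and reports every TCP listener that is not on an allowlist, together with its owning PID; the sample output and the allowlist (SMTP on port 25 only) are constructed assumptions.

```python
# Added example: audit listening TCP ports against an allowlist (default deny).
# SAMPLE is constructed `netstat -ano`-style output, not data from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2260
  TCP    10.0.0.5:25            192.0.2.44:51123       ESTABLISHED     1432
  TCP    [::]:25                [::]:0                 LISTENING       1432
  UDP    0.0.0.0:123            *:*                                    1020
"""

# Assumption: this server is only meant to offer SMTP.
ALLOWED_TCP = {25}


def parse_listeners(netstat_text):
    """Return sorted unique (port, pid) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        # rpartition copes with both 0.0.0.0:25 and [::]:25 address forms.
        _, _, port = fields[1].rpartition(":")
        if port.isdigit() and fields[4].isdigit():
            found.add((int(port), int(fields[4])))
    return sorted(found)


def unexpected_listeners(netstat_text, allowed=ALLOWED_TCP):
    """Every listener whose port is not explicitly allowed."""
    return [(port, pid) for port, pid in parse_listeners(netstat_text)
            if port not in allowed]


if __name__ == "__main__":
    for port, pid in unexpected_listeners(SAMPLE):
        print(f"unexpected listener: tcp/{port} owned by PID {pid}")
```

Each reported PID can then be matched to its program (for example with `tasklist`) before deciding whether to stop it, remove its auto-start entry, or block the port.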